How much do bad guys make from good guys buying their stuff?

13 Sep 2010

HBGary put their presentation from Blackhat online today. It's main focus is on their FingerPrint tool, but Greg Hoglund also discusses the costs for rootkits ($10,000), implants ($1,000), exploit packs ($1,000+), and bot nets ($1,000). See the image at 4:00. What I like is how he says he buys the exploit packs from the vendors to see what they have. I'm curious what percentage of the bad guys profits are from various security vendors and researchers buying their stuff to find out what it can do? I'd bet it's significant.